Total
7024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13450 | 1 Thecodingmachine | 1 Gotenberg | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A directory traversal vulnerability in file upload function of Gotenberg through 6.2.1 allows an attacker to upload and overwrite any writable files outside the intended folder. This can lead to DoS, a change to program behavior, or code execution. | |||||
| CVE-2020-13449 | 1 Thecodingmachine | 1 Gotenberg | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability in the Markdown engine of Gotenberg through 6.2.1 allows an attacker to read any container files. | |||||
| CVE-2020-13419 | 1 Openiam | 1 Openiam | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task. | |||||
| CVE-2020-13383 | 1 Os4ed | 1 Opensis | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| openSIS through 7.4 allows Directory Traversal. | |||||
| CVE-2020-13376 | 1 Securenvoy | 1 Securmail | 2024-11-21 | 9.3 HIGH | 9.0 CRITICAL |
| SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable files and achieve OS command execution via a crafted SecurEnvoyReply cookie. | |||||
| CVE-2020-13355 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.5 MEDIUM | 7.5 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. A path traversal is found in LFS Upload that allows attacker to overwrite certain specific paths on the server. Affected versions are: >=8.14, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | |||||
| CVE-2020-13347 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 9.0 HIGH | 9.1 CRITICAL |
| A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows the attacker to run arbitrary commands on Windows host, via DOCKER_AUTH_CONFIG build variable. | |||||
| CVE-2020-13227 | 1 Sysax | 1 Multi Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Sysax Multi Server 6.90. An attacker can determine the username (under which the web server is running) by triggering an invalid path permission error. This bypasses the fakepath protection mechanism. | |||||
| CVE-2020-13158 | 1 Articatech | 1 Artica Proxy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter. | |||||
| CVE-2020-13093 | 1 Ispyconnect | 1 Agent Dvr | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal. | |||||
| CVE-2020-12851 | 1 Pydio | 1 Cells | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders (repositories) by uploading a custom generated ZIP file and leveraging the file extraction feature present in the web application. The extracted files will be placed in the targeted user folders. | |||||
| CVE-2020-12832 | 1 Simplefilelist | 1 Simple-file-list | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input. | |||||
| CVE-2020-12827 | 1 Mjml | 1 Mjml | 2024-11-21 | 6.4 MEDIUM | 7.2 HIGH |
| MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document. | |||||
| CVE-2020-12765 | 1 Solis | 1 Miolo | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Solis Miolo 2.0 allows index.php?module=install&action=view&item= Directory Traversal. | |||||
| CVE-2020-12764 | 1 Solis | 1 Gnuteca | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Gnuteca 3.8 allows file.php?folder=/&file= Directory Traversal. | |||||
| CVE-2020-12737 | 1 Maxum | 1 Rumpus | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authenticated users can perform a path traversal using double escaped characters, enabling read access to arbitrary files on the server. | |||||
| CVE-2020-12649 | 1 Gurbalib Project | 1 Gurbalib | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory traversal for reading administrative paths. | |||||
| CVE-2020-12640 | 2 Opensuse, Roundcube | 3 Backports Sle, Leap, Webmail | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php. | |||||
| CVE-2020-12509 | 1 Badgermeter | 1 Moni\ | 2024-11-21 | N/A | 7.5 HIGH |
| In s::can moni::tools in versions below 4.2 an unauthenticated attacker could get any file from the device by path traversal in the camera-file module. | |||||
| CVE-2020-12508 | 1 Badgermeter | 1 Moni\ | 2024-11-21 | N/A | 7.5 HIGH |
| In s::can moni::tools in versions below 4.2 an unauthenticated attacker could get any file from the device by path traversal in the image-relocator module. | |||||